Post on 05-Jun-2020
1
Guess Who is Stealing from You
May 10, 2019
William J. KowalskiTherese M. Boka
2
Principal & Director of Operations
Twenty-five years as a Special Agent with the Federal Bureau of Investigation (FBI).
Assistant Special Agent in Charge of the FBI in Detroit with oversight responsibility for counter-terrorism operations throughout Michigan.
Served in FBI offices in Detroit, Memphis, New York City, Flint, and Washington, D.C.
Ten years investigating fraud and providing fraud prevention consulting with Rehmann.
Rehmann Consulting Team
William J. Kowalski
Thirty years of experience in the healthcare industry establishing and managing healthcare practices, coding and billing, planning and documenting workflows, training staff, compliance and implementing industry standards.
Past President and owner of a successful Medical billing and Consulting firm that managed more than 210 physicians. Also a Certified Professional Coder, Medical Auditor and Compliance Officer.
Senior Manager - Healthcare Management AdvisorsTherese M. Boka
3
Practice-Initiated Fraud Employee-Initiated Fraud
Agenda
4
Services not rendered
Billing for services never provided without a patient’s knowledge
For example:
• Population mostly affected are the elderly who can easily be convinced there is not a problem by the staff if confronted.
Ways Providers and their Staff manipulate reimbursement
5
Non-covered as covered
Billing for services that are not ordinarily billable to the insurance as a renamed covered service.
Billing under another CPT code that is payable.
For example:
• A plastic surgery "nose job" (cosmetic), which is not covered by insurance, may be called a deviated septum, which is a billable procedure.
6
Misrepresenting dates of service
Changing the date of service reported to the insurance carrier to get paid.
For example:
• Splitting one day of service into 2 as to not be inclusive in the OV or
• Waiting to bill a global period visit outside of global period.
7
Misrepresenting locations of service
Stating on the CMS 1500 form a location code when the service wasn’t performed there just to get paid.
Example:
• Patient given allergy injections to take home and self-administer, but practice billed as done in office. The procedure must be done in a medically supervised setting.
8
Misrepresenting provider of service
Billing under a “Physician” who is not providing the service could put you in violation of the “False Claims Act”
Example:
• Non-certified person providing services or not appropriately billing Nurse Practitioner or Physician Assistant Services. Not following “incident to” guidelines.
9Waiving deductibles/co-payments
Waiving of deductibles, co-payments and balance billing the patient can be a violation of the Federal Anti-Kickback Statute.
FACT: Government and most commercial health care plans don’t allow a medical provider to waive patients’ deductibles, co-pay or co-insurance amounts.
“Balance billing" is not allowed. Billing patients more than their copays for services, orbilling a patient extra when services have already been reimbursed, is just as fraudulent.
10
Incorrect reporting of diagnoses or procedures
Coding DX just because they know the service gets paid is in violation of the “False Claims Act”
Providing a lower level service but billing at a higher level.
For example:
• You may have symptoms of a cold. But your doctor may bill for pneumonia, even though all you really have is a cold.
• "Unbundle" a service which requires a number of steps and should be billed as one CPT, but the provider instead bills them individually, so they add up to an higher reimbursement.
11Kickbacks and bribery
Unlawfully pay for and/or receive payments for referrals is a violation of the Federal Anti-Kickback Statute.
Example:
• A provider receives payment from an x-ray facility for each patient sent to them for a service.
• Paying to have patients sent to a provider, whether the patient needed the treatment services or not.
12False/unnecessary issuance of prescriptions
Writing prescriptions for patients for a fee.
Medically unnecessary prescribing.
Collusion – illegal cooperation or conspiracy with pharmacies
13Medically Unnecessary services
Providing services that DO NOT have a medical indication that they are needed. These services are always extras performed to boost reimbursement.
Example:Receiving an EKG in the doctor's office without a valid medically reason and done only for increased visit reimbursement.
To learn more visit:Medicare Fraud & Abuse: Prevent, Detect, Reporthttps://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/Fraud-Abuse-MLN4649244-Print-Friendly.pdf
14About Rehmann Healthcare Services
Practice Management
Compliance Solutions
Revenue Cycle Assessment
Staff Education & Training
Practice Performance Benchmarking
HIPAA Risk Assessment
Coding and Billing
Practice Assessment
Medical Record Audits Support
15About Rehmann Corporate Investigative Services
Investigative Services
Backgrounds and Due Diligence
Forensic Accounting
Surveillance
Asset Searches
Digital Forensics
IT Security
Fraud Risk Assessments
Fire Origin and Cause Investigations
High Net Worth Families
16
Frauds at small businesses are 2X costlier than at large
businesses
Nearly 50% of frauds are due to internal control weakness
ACFE 2018 Report to the Nations:
The average company loses 5% of annual revenue to fraud*
https://s3-us-west-2.amazonaws.com/acfepublic/2018-report-to-the-nations.pdf*Estimate by 2,000 anti-fraud experts who have investigated hundreds of thousands of cases.
17The 2018 ACFE Report analyzed 2,690 cases of fraud
$7 billion in total losses
22% exceeded $1 million
$130,000 median loss
18
30% due to lack of internal controls
19% due to override of existing controls
18% due to lack of management review
10% due to poor tone at the top
Internal control weaknesses were the largest factor in fraud
8% lack of competent oversight
19Once it’s gone…
15% recovered all losses
32% made partial recovery
53% recovered nothing
Victims are rarely made wholeAfter a fraud has been detected, the victim might try torecover its losses from the fraudster or other sources.ACFE data shows that victims are rarely made whole. 53%recover nothing.
53%
20Median loss by industry
2018 Report to the Nations on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners
$0 $100,000 $200,000 $300,000 $400,000 $500,000 $600,000
Banking & Financial (366 cases)
Manufacturing (212 cases)
Government/Public Admin (201 cases)
Health Care (158 cases)
Retail (108 cases)
Insurance (101 cases)
Education (97 cases)
Energy (94 cases)
Construction (90 cases)
Other (84 cases)
Transportation/Warehousing (83 cases)
Food Service/Hospitality (68 cases)
Technology (68 cases)
Religious/Charitable (60 cases)
Services (professional) (58 cases)
Entertainment/Recreation (51 cases)
Telecommunications (50 cases)
Real Estate (35 cases)
Agriculture (32 cases)
Utilities (29 cases)
Services (other) (28 cases)
Mining (27 cases)
Communications/Publishing (24 cases)
Wholesale Trade (24 cases)
21Who commits occupational fraud?
Owner/Execs 19%
Managers 32%
Employees 42%
Majority committed by staff at the employee or managerial level
2016 ACFE Report to the Nations on Occupational Fraud and Abuse
22
1 person finance department
Everyone trusts her No oversight or internal controls
Opportunity for fraud
!!!
Doing it allPayables, expense
reports, credit cards, AR, payroll, checking accounts,
signatures
ReliableNo one else
understands the job and/or is intimidated
by it
Cost-effective
Why hire two people when one can do it
all?
Hatches a scheme
Tests, no one notices, tries again
Goes on vacationCIS is called, $350,000 is
missing,happens every day
Common fraud scenario
Years go by
A little more each year
Starts with a little, no one notices,
takes some more
23Other medical office schemes
1The physician’s office manager or biller may be submitting additional expensive service codes in connection with an embezzlement scheme.
2The home infusion vendor, under new management,may be billing for more frequent, more expensive, or fictitious services, in collusion with a collaborating physician.
3The non-contracted physician billing might not actually represent the licensed physician. This supposedly separate practice location may be fictitious, and the patients for whom services are billed are taken from a list of stolen enrollment information.
24Fraud methodologies
Checkbooks
Credit cards
Invoices
Electronic records
Expenses
25What you might see
• Diminishing cash flow when receipts are strong
• Actual bank deposits in a month don’t agree with payments posted to the practice management system
• Increasing accounts payable and accounts receivable balances
• Transactions lacking documentation or approval
• Patient complaints about recording of payments
• Significant number of year-end adjustment journal entries
26What an employee might do
• An employee becoming secretive about his or her work;
• Sudden displays of wealth;
• An indispensable employee who often works late,
• Doesn’t want to share tasks,
• Refuses to take vacations;
• Creates an check ambush, whereby an employee asks physicians to sign a stack of checks at a busy time of day.
• Getting other staff members in “trouble a lot” to make sure they wouldn’t be believable if they went to other management with concerns
27What the practice looks like
• Weak or loosely enforced internal controls
• Profit as the only practice objective and the lone criteria for performance appraisal
• Employees under great stress to accomplish unrealistic objectives
• Complaints from patients, vendors, and employees habitually ignored
• Poor employee morale and practice loyalty
• Lack of monitoring and oversight
28How to not be a target
Step 1: The Best Defense is a Good Offense
29Know the fraud triangle
30Behavioral Red Flags
Living beyond means/lifestyle
changes
Unusually close to vendors
Excessive control issues
Financial difficulties
Know your employees
31
Less effective internal controls
Know the small business weaknesses
Opportunity Fewer Checks and
Balances
Familiarity & Trust
Inability to have separation of
duties
32Strengthen Internal Controls
Dual-signatures
Reconcile
CC statements
Vendors/Invoices
Mandatory vaca
33Repair internal controls
Separation of duties
Cross training of duties
Vacation policy
Policy enforcement
Management oversight
Predictablereview
34Create an Anti-Fraud Business Culture
Create culture of high ethical standards
Segregation/Diversification of responsibilities and duties
Institute background checks on everyone
Create an oversight program
Zero tolerance for violators
Implement a hotline(Most fraud tips are reported via hotline)
Ask questions and take an interest
Follow up
35No exceptions
In many fraud cases, internal controls are in place but are overridden by the perpetrator in order to commit and conceal the fraud.
36
40% of frauds are reported via hotlines
53% of tips come from employees
32% come from outside the company
Most tips come from hotlines
How are frauds detected?
37Trust
Is not an Internal Control
38
Questions?